Detects exposed public-facing account credentials as identified in CYFIRMA's threat intelligence feeds. This rule monitors for credentials leaked through third-party breaches, dark web sources, or public repositories that could impact the organization's users or systems. It captures key details such as email, username, IP address, and associated devices. These accounts may not be directly managed by the enterprise but still pose a risk of lateral access, shadow IT, or third-party exposure.
| Attribute | Value |
|---|---|
| Type | Analytic Rule |
| Solution | Cyfirma Compromised Accounts |
| ID | 57602938-e95a-4fc3-9352-8d473ed256e1 |
| Severity | High |
| Status | Available |
| Kind | Scheduled |
| Tactics | CredentialAccess, InitialAccess, Discovery |
| Techniques | T1078, T1087, T1552 |
| Required Connectors | CyfirmaCompromisedAccountsDataConnector |
| Source | View on GitHub |

This content item queries data from the following tables:

| Table | Transformations | Ingestion API | Lake-Only |
|---|---|---|---|
| CyfirmaCompromisedAccounts_CL | ? | ✓ | ? |